https://bugzilla.redhat.com/show_bug.cgi?id=1244236
Kurt Seifried kseifried@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Priority|high |low Whiteboard|impact=important,public=201 |impact=important,public=201 |50716,reported=20150717,sou |50716,reported=20150717,sou |rce=internet,cvss2=6.8/AV:N |rce=internet,cvss2=3.3/AV:L |/AC:M/Au:N/C:P/I:P/A:P,fedo |/AC:M/Au:N/C:P/I:P/A:N,fedo |ra-all/elasticsearch=affect |ra-all/elasticsearch=affect |ed,rhn_satellite_6/elastics |ed,rhn_satellite_6/elastics |earch=wontfix,sam-1/elastic |earch=wontfix,sam-1/elastic |search=wontfix |search=wontfix Severity|high |low
--- Comment #4 from Kurt Seifried kseifried@redhat.com --- Updating the severity, for Sam 1.x elasticsearch only listens on localhost, thus local access is required. For Satellite 6.x the installation process should include firewalling it to trusted local users only. As such this only scores 3.3 instead of 5.8 on the CVSS2 scoring.